CVE-2021-36513
📋 TL;DR
This vulnerability in SignalWire FreeSWITCH allows attackers to view sensitive information due to an uninitialized value in the sofia_handle_sip_i_notify function. It affects FreeSWITCH installations before version 1.10.6. Attackers could potentially access memory contents that should remain confidential.
💻 Affected Systems
- SignalWire FreeSWITCH
📦 What is this software?
FreeSWITCH by SignalWire
⚠️ Risk & Real-World Impact
Worst Case
Attackers could read sensitive information from memory, potentially exposing credentials, configuration data, or other confidential information stored in the FreeSWITCH process memory.
Likely Case
Information disclosure of uninitialized memory contents, which could include fragments of previous SIP messages, configuration data, or other process memory.
If Mitigated
Limited information disclosure with proper network segmentation and access controls preventing external attackers from reaching vulnerable systems.
🎯 Exploit Status
Exploitation requires sending specially crafted SIP NOTIFY messages to vulnerable systems.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.10.6
Vendor Advisory: https://github.com/signalwire/freeswitch/releases/tag/v1.10.6
Restart Required: Yes
Instructions:
1. Back up the current configuration.
2. Stop the FreeSWITCH service.
3. Upgrade to FreeSWITCH 1.10.6 or later.
4. Restart the FreeSWITCH service.
5. Verify functionality.
🔧 Temporary Workarounds
Disable SIP NOTIFY handling
Temporarily disable SIP NOTIFY message processing to prevent exploitation (all platforms)
# Modify sofia.conf to remove or comment NOTIFY handling
# Requires configuration changes specific to your setup
Network filtering
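Block SIP NOTIFY messages at the network perimeter (Linux)
# Example iptables rule: iptables -A INPUT -p udp --dport 5060 -m string --string "NOTIFY" --algo bm -j DROP
# This rule matches the string "NOTIFY" anywhere in the packet, so it also drops other SIP messages that merely mention NOTIFY (for example in an Allow header), and it covers only SIP over UDP on port 5060
# Adjust for your specific SIP ports and protocols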
🧯 If You Can't Patch
- Implement strict network segmentation to isolate FreeSWITCH from untrusted networks
- Deploy network-based intrusion detection/prevention systems to monitor for SIP NOTIFY exploitation attempts
🔍 How to Verify
Check if Vulnerable:
Check the FreeSWITCH version by running freeswitch -version or by examining the installed package version. If the version is earlier than 1.10.6, the system is vulnerable.
Check Version:
{ command -v freeswitch >/dev/null 2>&1 && freeswitch -version 2>/dev/null | head -n 1; } || dpkg -l 2>/dev/null | grep freeswitch || rpm -qa 2>/dev/null | grep freeswitch
Verify Fix Applied:
Verify FreeSWITCH version is 1.10.6 or later and test SIP NOTIFY functionality remains operational.
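The version comparison described above, as an added example that is not from the vendor or the original page: it pulls the first x.y.z version out of freeswitch -version or package-manager output and compares it numerically with 1.10.6, so that a release such as 1.10.10 is not misread as older. The function names and the sample lines are constructed for illustration, and the exact output shapes are assumptions.

```shell
#!/bin/sh
# Added example: decide whether a reported FreeSWITCH version predates 1.10.6.
FIXED="1.10.6"   # first fixed release, per the advisory above

# Print the first x.y.z version found in the given text (empty if none).
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Succeed if version $1 is numerically lower than version $2.
# Call it only from an if/&&/|| context so "set -e" scripts keep running.
version_lt() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2      # split on dots: $1 $2 $3 = installed, $4 $5 $6 = reference
    IFS=$old_ifs
    if [ "$1" -ne "$4" ]; then [ "$1" -lt "$4" ]; return; fi
    if [ "$2" -ne "$5" ]; then [ "$2" -lt "$5" ]; return; fi
    [ "$3" -lt "$6" ]
}

# Print "vulnerable", "patched" or "unknown" for one line of tool output.
check_freeswitch() {
    ver=$(extract_version "$1") || ver=""
    if [ -z "$ver" ]; then
        echo unknown
    elif version_lt "$ver" "$FIXED"; then
        echo vulnerable
    else
        echo patched
    fi
}

# Constructed sample lines (assumed output shapes, not captured from a host).
for sample in \
    "FreeSWITCH version: 1.10.5-release~64bit" \
    "ii  freeswitch  1.10.10~release  amd64" \
    "freeswitch-1.10.6.release.1-1.el7.x86_64" \
    "sh: freeswitch: command not found"
do
    printf '%-42s -> %s\n' "$sample" "$(check_freeswitch "$sample")"
done
```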
📡 Detection & Monitoring
Log Indicators:
- Unusual SIP NOTIFY messages in FreeSWITCH logs
- Memory access errors or segmentation faults related to sofia_handle_sip_i_notify
Network Indicators:
- SIP NOTIFY messages with unusual content or from unexpected sources
- Multiple NOTIFY messages to the same endpoint in a short time
SIEM Query:
source="freeswitch.log" AND "NOTIFY" AND ("error" OR "fault" OR "segmentation")
🔗 References
- https://github.com/signalwire/freeswitch/issues/1245
- https://github.com/signalwire/freeswitch/releases/tag/v1.10.6
- https://newreleases.io/project/github/signalwire/freeswitch/release/v1.10.6